www.1337.or.id

Dynamic Content for Elementor < 1.9.6 - Authenticated RCE

Airlangga   10 February 2023   17.521 Views
The PHP Raw Widget dynamic.ooo widget php raw of the Dynamic Content for Elementor plugin before 1.9.6 did not properly check for user permissions, allowing accounts with a role as low as editor to perform RCE attacks. Proof of Concept POST wp admin admin ajax.php HTTP 1.1 Host exam...

[CVE-2022-3590] WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding

Ganesha   19 December 2022   28.615 Views
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU Time of check to time of use race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. Below is what a request to t...

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

Ganesha   21 November 2022   32.737 Views
Security Team ChaMd5 disclose a Local File Inclusion vulnerability in phpMyAdmin latest version 4.8.1. And the exploiting of this vulnerability may lead to Remote Code Execution. usr bin env python import re, requests, sys check python major version if sys.version info.major 3...

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Ganesha   21 November 2022   28.637 Views
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib statistics date parameter before outputting it back in an attribute, leading to a Reflected Cross Site Scripting issue Proof of Concept html body ...

qdPM 9.1 - Remote Code Execution (RCE) (Authenticated)

Ganesha   21 November 2022   25.531 Views
A remote code execution RCE vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users photo preview delete photo feature, allowing bypass of .htaccess protecti...

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Ganesha   21 November 2022   25.196 Views
The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross Site Scripting issue. The issue was initially fixed in 3.1.4, however re introduced in 3.2.0. action lightbox settings eyJ0eXBlIjoibnV...

CVE-2022-3360 - Unauthenticated PHP Object Injection via REST API

Ganesha   21 November 2022   25.250 Views
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE . To successfully exploit this vulnerability attackers m...